This article was previously published under Q72796
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Viruses commonly "hide" in little-used files such as FIND.EXE. Listed below are steps you can take to check for a virus without the benefit of a viral scanner. The procedure involves using CHKDSK and FIND (commonly targeted for infection) to check for changes in conventional memory and/or file size.
If you suspect your machine may have contracted a virus, do the following:
1. Put write-protect tabs on your DOS disks. This will keep the disks from being written over, and they can be used as a reference for file size and date checking.
2. Compare the file sizes and dates of the DOS disks to the corresponding files residing on the hard drive. One way you can accomplish this task is to boot up with the DOS system floppy disk and, at the A: prompt, type DIR *.* > PRN. This command sends a directory listing to the printer.
3. Repeat step 2 using the DOS supplemental disk.
4. Type C: and change to your DOS directory. Type DIR *.* > PRN again. Be sure to do this for COMMAND.COM as well (it may be in the root directory). If there is any discrepancy in file sizes or dates between the DOS disks and your hard disk, you may have a virus. In that event, you should obtain a virus cleaning program and/or reformat your hard disk.
5. Run CHKDSK after powering on your computer (don't boot off the floppy disk). At the bottom of the read-out, CHKDSK will give a number for Total Bytes Memory, as well as Bytes Free. Write down these numbers.
6. Change to the directory in which the DOS commands reside. Type DIR FIND.EXE. Note the size of the file and the date.
7. Type FIND. You will receive an error message telling you "No Parameters Specified". However, the command has been activated, even if in error.
8. Run CHKDSK again. Check to see if there is any change in Total Bytes Memory or Bytes Free. Since FIND.EXE is not a memory-resident utility, there should not be a difference. If there is, you may have a virus. You should obtain a virus cleaning program and/or reformat the hard disk.
9. Change to your DOS directory. Once again, type DIR FIND.EXE. Compare the file's size and date with the numbers you had written down previously. If there is a change, you should obtain a virus cleaning program and/or reformat the hard disk.
MS-DOS version 5.0 disks are shipped without a notch; therefore, they are write protected. The chances of these disks containing a virus are extremely small. The DOS 5.0 disks are compressed; therefore, the file sizing is different. You can tell a compressed file by the underscore that will be the last character of the extension on a compressed file. To expand a compressed file, use the expand utility on Disk 5 (for 5.25-inch disks) or Disk 3 (for 3.5-inch disks).
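The size and date comparison described in the procedure above can also be run on DIR listings saved to files instead of printouts. The following Python sketch is an added example, not part of the original article: the function names parse_dir and compare are hypothetical and the two sample listings are constructed. It sets aside reference files whose extension ends in an underscore, since compressed files on the DOS 5.0 disks do not match the installed sizes.

```python
import re

# One file row of an MS-DOS DIR listing: NAME EXT SIZE MM-DD-YY H:MMa
ROW = re.compile(
    r"^(\S{1,8})\s+(\S{0,3})\s+([\d,]+)\s+(\d{1,2}-\d{2}-\d{2})\s+\d{1,2}:\d{2}[ap]$")

def parse_dir(listing):
    """Map 'NAME.EXT' -> (size, date) for each file row; other lines are ignored."""
    files = {}
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, ext, size, date = m.groups()
            files[f"{name}.{ext}".rstrip(".")] = (int(size.replace(",", "")), date)
    return files

def compare(reference, disk):
    """Return (changed, compressed): files whose size or date differs from the
    write-protected reference disk, and reference files that must be expanded first."""
    ref_files, disk_files = parse_dir(reference), parse_dir(disk)
    changed, compressed = {}, []
    for name, (ref_size, ref_date) in ref_files.items():
        if name.endswith("_"):          # compressed on the DOS 5.0 disks
            compressed.append(name)
            continue
        if name not in disk_files:      # not installed on the hard disk
            continue
        size, date = disk_files[name]
        reasons = []
        if size != ref_size:
            reasons.append(f"size {ref_size} -> {size}")
        if date != ref_date:
            reasons.append(f"date {ref_date} -> {date}")
        if reasons:
            changed[name] = reasons
    return changed, compressed

# Constructed sample listings (not real DOS file sizes or dates)
REFERENCE = """
 Volume in drive A is DOS
COMMAND  COM     47845 04-09-91   5:00a
FIND     EXE      6770 04-09-91   5:00a
EDIT     HL_      7052 04-09-91   5:00a
        3 file(s)      61667 bytes
"""
DISK = """
COMMAND  COM     47845 04-09-91   5:00a
FIND     EXE      7418 11-02-91   3:14p
"""
if __name__ == "__main__":
    print(compare(REFERENCE, DISK))
```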